Professional Documents
Culture Documents
CLEARPASS EXCHANGE
Open third party integration for endpoint controls, policy and threat prevention
This data is gathered from numerous internal and third-party figure 1.0_081016_clearpassexchange-soa
systems through one-way and bidirectional communication.
To simplify the sharing of context, ClearPass supports data
exchange methods via APIs, Syslog messaging, and the use of
an integrated respository called ClearPass Extensions.
For example, using XML APIs, ClearPass can poll EMM systems
for a variety of device information, including manufacturer
and model, encryption status, blacklisted and whitelisted
applications, and jailbroken status. When EMM systems detect
policy violations, they are incorporated into ClearPass policy
decision making.
SOLUTION OVERVIEW
CLEARPASS EXCHANGE
figure 1.0c_081016_clearpassexchange-soa
figure 1.0d_081016_clearpassexchange-soa
SOLUTION OVERVIEW
CLEARPASS EXCHANGE
THE POWER In addition to custom integration, Aruba works with industry-leading partners to
natively integrate ClearPass with EMM, firewalls, single sign-on, and many other
ENTERPRISE MOBILITY MANAGEMENT If a user fails to authenticate with the network multiple
Integrating EMM with a NAC system is critical as BYOD and times, ClearPass can trigger an EMM system to send a
Internet-of-things (IoT) proliferate in the workplace. EMM notification message directly to the device and trigger the
systems share contextual data about devices and makes it network to automatically quarantine the device or take other
easier to enforce network policies using attributes gathered corrective action.
by an EMM agent. Conversely, device posture assessments performed by
ClearPass offers rich bidirectional integration with multiple Tier EMM systems for missing agents as well as blacklisted
1 EMM vendors, including MobileIron, AirWatch by VMware, applications can trigger ClearPass access enforcement,
Citrix XenMobile, JAMF Software, IBM, SOTI, and SAP Afaria. remediation and notifications.
For example, EMM can tell the ClearPass server about a This built-in EMM integration ensures that ClearPass has
device’s posture, its OS version, the apps running, who owns the necessary device posture information to make the best
the device, whether the device is personal or corporate- network access decisions. Additional notifications and value-
owned, and other information. added policy events can also be triggered.
1 2
JAIL-BROKEN HELPDESK NOTIFICATION
DEVICE DETECTED AUTO GENERATED
3
MESSAGE TO DEVICE
AUTO GENERATED
figure 2.0_081016_clearpassexchange-soa
SOLUTION OVERVIEW
CLEARPASS EXCHANGE
NEXT-GENERATION FIREWALLS ClearPass integration with firewalls lets you give an iPad user
Next-generation firewalls feature traffic classification that external web browsing privileges to access webmail and
natively inspects all apps, threats and content. ClearPass social sites, while restricting that same user on a company-
integration extends the policy enforcement capabilities of issued laptop to external web browsing with no access to
these firewalls beyond simple IP address and directory-based webmail and social sites.
user identity information.
1
USER AND DEVICE
AUTHENTICATION
2
USER AND DEVICE INFORMATION
SENT TO FIREWALL
3
TRAFFIC ENFORCEMENT BY
USER AND DEVICE TYPE
figure 3.0_081016_clearpassexchange-soa
SOLUTION OVERVIEW
CLEARPASS EXCHANGE
SECURITY INCIDENT EVENT MANAGEMENT (SIEM) Additionally, ClearPass integration with SIEMs makes it easy
SIEM systems let you aggregate all security events for data to track authentication requests, failures and alerts, policy
correlation and possible coordinated enforcement actions enforcement trends – such as the Top 10 most frequent
with other systems. Sharing NAC/AAA data with these enforcement profiles applied – endpoint profiles, session
solutions is essential to any access layer security strategy. details, and other useful information.
1 1
FIREWALL
3
1
1 3 EMM/MDM
REAL-TIME EVENT LOGS QUARANTINE HIGH
RISK CONNECTIONS
2
PINPOINT AND CORRELATE
THREATS/VIOLATIONS
figure 4.0_081016_clearpassexchange-soa
SOLUTION OVERVIEW
CLEARPASS EXCHANGE
www.arubanetworks.com SO_ClearPassExchange_113016